Tuesday, 30 June 2020

ASCM Reivindica El Cumplimiento De La Normativa De Accesibilidad En La "Nueva Plaza De Armas"

La Asociación Sociocultural ASCM presentó, el lunes, un escrito al Ayuntamiento; solicitando que los bancos de la renovada Plaza de Armas cumplan con la altura mínima, recogida en la normativa.

                              Bancos Armas que no cumplen con la normativa.


La Asociación Sociocultural ASCM, que trabaja desde 1987 por la plena inclusión de las personas con discapacidad, presentó, el pasado lunes, un escrito al ayuntamiento de Ferrol; solicitando la adecuación de los bancos instalados, recientemente, en la renovada Plaza de Armas a la normativa de Accesibilidad en espacios públicos. Desde la entidad señalan que, tras realizar las comprobaciones pertinentes, se corroboró que los bancos no cumplen con la altura mínima estipulada en la Orden VIV/561/2010, que busca garantizar las condiciones básicas de accesibilidad y no discriminación en espacios públicos, procediendo a solicitar formalmente su adaptación.

Desde la Asociación Sociocultural ASCM se viene trabajando, desde su fundación, en la consecución de una auténtica accesibilidad universal que elimine las barreras arquitectónicas que frenan la inclusión del colectivo de personas con discapacidad en la vida pública. Tras recibir diversas demandas ciudadanas sobre la escasa accesibilidad de los bancos de la reformada Plaza de Armas, la entidad se desplazó hasta el lugar para realizar las comprobaciones pertinentes con arreglo a la normativa vigente; comprobando que, efectivamente, los bancos instalados no cumplen con la altura y profundidad de asiento mínimas, establecidas en el Art. 26 de la Orden VIV/561/2010, por la que se desarrolla el documento técnico de condiciones básicas de accesibilidad y no discriminación para el acceso y utilización de los espacios públicos urbanizados.

En el escrito, presentado al ayuntamiento, se adjunta una memoria fotográfica en la que se evidencia que los bancos no alcanzan los mínimos establecidos: "de una profundidad de asiento entre 0,40 y 0,45 m y una altura comprendida entre 0,40 m y 0,45 m"; estando, en ambos casos, muy por debajo de los 0,40 m y dificultando, así, el uso y disfrute del colectivo de personas con discapacidad. Desde la Asociación Sociocultural ASCM solicitan, por consiguiente, la adecuación de los bancos a la normativa vigente; haciendo, en la práctica, de la Plaza de Armas: un lugar para todas.

Repercusión en medios:

Read more


Posted by at No comments:

8 Hacking Websites & forums 2018 - Underground hacker sites

  • KitPloit: Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security.
  • The Hacker News: The Hacker News — most trusted and widely-acknowledged online cyber security news magazine with in-depth technical coverage for cybersecurity.
  • Hacked Gadgets: A resource for DIY project documentation as well as general gadget and technology news.
  • HackRead: HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance, and Hacking News with full-scale reviews on Social Media Platforms.
  • Packet Storm: Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers.
  • Exploit DB: An archive of exploits and vulnerable software by Offensive Security. The site collects exploits from submissions and mailing lists and concentrates them in a single database.
  • Metasploit: Find security issues, verify vulnerability mitigations & manage security assessments with Metasploit. Get the worlds best penetration testing software now.
  • Phrack Magazine: Digital hacking magazine.
Posted by at No comments:

Thursday, 11 June 2020

Theharvester: Email Harvesting Throughout Year




You might have harvested many things upto now but what we are going to harvest today is something bad :)


Requirements:

  1. A Linux box (I'm using Kali Linux)
  2. theharvester program (already available in Kali Linux)
So what does theharvester harvest? Well it harvests email addresses. theharvester is an Information gathering tool. If you want a list of emails to spam you can get that easily from theharvester tool and go on Spamming (I'm joking its illegal). It's a security tool that helps you in pentesting an organization (as always it can be used for evil as well). You can gather emails from an organization and look for potential victims to attack or use brute-force techniques to get their passwords or Social Engineer them into doing something that will let you compromise some or all systems in the organization. Uhh there are so many things that you can do when you have access to someone's email address.

OK stop talking and start doing.

Fire up a terminal in your kali box and type this command:

theharvester -d hotmail.com -l 50 -b google

In a small amount of time you'll see your terminal flooded with 200 hotmail.com email address. What does this command mean?

theharvester is the tool name that we are using
-d <domain_name> specifies the domain (or website) who's email addresses we're looking for, in our case it was hotmail.com
-l <number> specifies the number of results that we want in the output, I limited it to 50
-b <source> specifies the source on which to look for email addresses, I specified google as the source

Besides google we can specify any of the follow as source:
google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, people123, jigsaw, twitter, googleplus, all
Here the last entry all means look in every available source.

Let's say you wanted to look in every available source they you should specify the following command:

theharvester -d hotmail.com -b all



-f is another great flag which can be utilized to save the output in case we want to SPAM them later (just kidding) or for other reasons (I'm thinking positive). -f flag saves the result in html or xml format. Let's do just that:

theharvester -d gmail.com -l 50 -b google -f emailaddresses.html

here -f flag is followed by the location where we want to store the file and the name of file, in our case we stored it in our pwd (present working directory) with the name emailaddresses.html.



Above picture shows an html output generated by harvester.

That's it for this tutorial hope to see you next time!

Related links


Posted by at No comments:

CSRF Referer Header Strip

Intro

Most of the web applications I see are kinda binary when it comes to CSRF protection; either they have one implemented using CSRF tokens (and more-or-less covering the different functions of the web application) or there is no protection at all. Usually, it is the latter case. However, from time to time I see application checking the Referer HTTP header.

A couple months ago I had to deal with an application that was checking the Referer as a CSRF prevention mechanism, but when this header was stripped from the request, the CSRF PoC worked. BTW it is common practice to accept empty Referer, mainly to avoid breaking functionality.

The OWASP Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet tells us that this defense approach is a baaad omen, but finding a universal and simple solution on the Internetz to strip the Referer header took somewhat more time than I expected, so I decided that the stuff that I found might be useful for others too.

Solutions for Referer header strip

Most of the techniques I have found were way too complicated for my taste. For example, when I start reading a blog post from Egor Homakov to find a solution to a problem, I know that I am going to:
  1. learn something very cool;
  2. have a serious headache from all the new info at the end.
This blog post from him is a bit lighter and covers some useful theoretical background, so make sure you read that first before you continue reading this post. He shows a few nice tricks to strip the Referer, but I was wondering; maybe there is an easier way?

Rich Lundeen (aka WebstersProdigy) made an excellent blog post on stripping the Referer header (again, make sure you read that one first before you continue). The HTTPS to HTTP trick is probably the most well-known one, general and easy enough, but it quickly fails the moment you have an application that only runs over HTTPS (this was my case).

The data method is not browser independent but the about:blank trick works well for some simple requests. Unfortunately, in my case the request I had to attack with CSRF was too complex and I wanted to use XMLHttpRequest. He mentions that in theory, there is anonymous flag for CORS, but he could not get it work. I also tried it, but... it did not work for me either.

Krzysztof Kotowicz also wrote a blog post on Referer strip, coming to similar conclusions as Rich Lundeen, mostly using the data method.

Finally, I bumped into Johannes Ullrich's ISC diary on Referer header and that led to me W3C's Referrer Policy. So just to make a dumb little PoC and show that relying on Referer is a not a good idea, you can simply use the "referrer" meta tag (yes, that is two "r"-s there).

The PoC would look something like this:
<html>
  <meta name="referrer" content="never">
  <body>
    <form action="https://vistimsite.com/function" method="POST">
      <input type="hidden" name="param1" value="1" />
      <input type="hidden" name="param2" value="2" />
      ...
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Conclusion

As you can see, there is quite a lot of ways to strip the Referer HTTP header from the request, so it really should not be considered a good defense against CSRF. My preferred way to make is PoC is with the meta tag, but hey, if you got any better solution for this, use the comment field down there and let me know! :)

More info
  1. Hacker Tools
  2. Pentest Partners
  3. Pentest+ Vs Oscp
  4. Hacking Device
  5. Pentest Vpn
  6. Pentest Wiki
  7. Hacker News
  8. Pentest Standard
  9. Pentest Vs Ethical Hacking
  10. Pentest Software
  11. Hacking The System
  12. Pentest Guide
  13. Pentestlab
  14. Hacker Tools
  15. Pentest Tools Framework
  16. Hacking Device
  17. Pentest Checklist
Posted by at No comments:

Diggy - Extract Enpoints From APK Files


Diggy can extract endpoints/URLs from apk files. It saves the result into a txt file for further processing.


Dependencies
  • apktool

Usage
./diggy.sh /path/to/apk/file.apk
You can also install it for easier access by running install.sh
After that, you will be able to run Diggy as follows:
diggy /path/to/apk/file.apk


Related articles

  1. Pentest Process
  2. Hacking Youtube
  3. Hacking Typer
  4. Pentest Windows
  5. Basic Pentest 1 Walkthrough
  6. Hacker0Ne
  7. Pentest Stages
  8. Pentest News
  9. Hacking The Art Of Exploitation
  10. Pentest Distro
  11. Pentest Vs Ceh
  12. Pentest Box
  13. Hacking Wifi
  14. Hacking Link
  15. Hacker Typer
  16. Pentest As A Service
  17. Pentest Iso
Posted by at No comments:

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.
More information
  1. Hacking Websites
  2. Hacker Attack
  3. Hackerrank
  4. How To Pentest A Website With Kali
  5. Pentest Lab Setup
  6. Pentest Vpn
Posted by at No comments:

Defcon 2015 Coding Skillz 1 Writeup

Just connecting to the service, a 64bit cpu registers dump is received, and so does several binary code as you can see:



The registers represent an initial cpu state, and we have to reply with the registers result of the binary code execution. This must be automated becouse of the 10 seconds server socket timeout.

The exploit is quite simple, we have to set the cpu registers to this values, execute the code and get resulting registers.

In python we created two structures for the initial state and the ending state.

cpuRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}
finalRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}

We inject at the beginning several movs for setting the initial state:

for r in cpuRegs.keys():
    code.append('mov %s, %s' % (r, cpuRegs[r]))

The 64bit compilation of the movs and the binary code, but changing the last ret instruction by a sigtrap "int 3"
We compile with nasm in this way:

os.popen('nasm -f elf64 code.asm')
os.popen('ld -o code code.o ')

And use GDB to execute the code until the sigtrap, and then get the registers

fd = os.popen("gdb code -ex 'r' -ex 'i r' -ex 'quit'",'r')
for l in fd.readlines():
    for x in finalRegs.keys():
           ...

We just parse the registers and send the to the server in the same format, and got the key.


The code:

from libcookie import *
from asm import *
import os
import sys

host = 'catwestern_631d7907670909fc4df2defc13f2057c.quals.shallweplayaga.me'
port = 9999

cpuRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}
finalRegs = {'rax':'','rbx':'','rcx':'','rdx':'','rsi':'','rdi':'','r8':'','r9':'','r10':'','r11':'','r12':'','r13':'','r14':'','r15':''}
fregs = 15

s = Sock(TCP)
s.timeout = 999
s.connect(host,port)

data = s.readUntil('bytes:')


#data = s.read(sz)
#data = s.readAll()

sz = 0

for r in data.split('\n'):
    for rk in cpuRegs.keys():
        if r.startswith(rk):
            cpuRegs[rk] = r.split('=')[1]

    if 'bytes' in r:
        sz = int(r.split(' ')[3])



binary = data[-sz:]
code = []

print '[',binary,']'
print 'given size:',sz,'bin size:',len(binary)        
print cpuRegs


for r in cpuRegs.keys():
    code.append('mov %s, %s' % (r, cpuRegs[r]))


#print code

fd = open('code.asm','w')
fd.write('\n'.join(code)+'\n')
fd.close()
Capstone().dump('x86','64',binary,'code.asm')

print 'Compilando ...'
os.popen('nasm -f elf64 code.asm')
os.popen('ld -o code code.o ')

print 'Ejecutando ...'
fd = os.popen("gdb code -ex 'r' -ex 'i r' -ex 'quit'",'r')
for l in fd.readlines():
    for x in finalRegs.keys():
        if x in l:
            l = l.replace('\t',' ')
            try:
                i = 12
                spl = l.split(' ')
                if spl[i] == '':
                    i+=1
                print 'reg: ',x
                finalRegs[x] = l.split(' ')[i].split('\t')[0]
            except:
                print 'err: '+l
            fregs -= 1
            if fregs == 0:
                #print 'sending regs ...'
                #print finalRegs
                
                buff = []
                for k in finalRegs.keys():
                    buff.append('%s=%s' % (k,finalRegs[k]))


                print '\n'.join(buff)+'\n'

                print s.readAll()
                s.write('\n'.join(buff)+'\n\n\n')
                print 'waiting flag ....'
                print s.readAll()

                print '----- yeah? -----'
                s.close()
                



fd.close()
s.close()





Continue reading


  1. Hacker Attack
  2. Hacking Growth
  3. Pentest Magazine
  4. Hacking Meaning
  5. Pentest Bootcamp
  6. Pentest Android App
  7. Hacking Site
  8. Hacker On Computer
  9. Hacker Google
Posted by at No comments:

HOW TO CAPTURE SCREENSHOT IN KALI LINUX? – KALI LINUX TUTORIAL

Kali Linux has been the most advanced penetration testing machine introduced yet. It has the most valuable tools used for every sort of hacking. To take advantage of Kali Linux hacking tools, you have to switch your OS to Kali Linux. You can either install Kali Linux as your default OS or just install as a virtual machine within the same OS. You can learn more about how to install Kali Linux Virtualbox. Today in this tutorial, I am just going to share a very simple Kali Linux tutorial on how to capture screenshot in Kali Linux. It's very simple and newbie friendly.

SO, HOW TO CAPTURE SCREENSHOT IN KALI LINUX? – KALI LINUX TUTORIAL

There are two ways to capture a screenshot in Kali Linux. One is the ultimate easy one and the second one is a bit complex but it's also not so complicated. So, don't worry about anything.

INSTRUCTIONS TO FOLLOW

  • In a first way, you can take a screenshot in a similar way as you take in Windows OS by simply clicking the PrntScr button on the keyboard. As you hit that button, a screenshot will be saved in the Pictures folder of your Kali Linux. The major problem with it, it only captures the full screen. We have no control over it to capture a specific window or region.
  • The second way is to take a screenshot using the command. For that, open up a terminal in the Kali Linux and type apt-get install ImageMagick.
  • Once the command is completed and ImageMagick is installed. We have two options to take a screenshot with it. One is to capture full screen and second is to capture a specific window.
  • To capture full screen, type import -window root Pictures/AnyNameOfTheImage.png in the terminal. It will take a full screenshot and will save it to the Pictures directory by the name you specify. Make sure to type .png  at the end of the file name.
  • To take a screenshot of a specific window or region, type import Pictures/AnyNameOfTheImage.png in the terminal and hit Enter, it will turn the cursor to a selection tool. You just click the mouse button and select the area you want to capture. As you will leave the mouse key, screenshot will be saved in the Pictures folder.
That's all how you can capture screenshot in Kali Linux. This is a very simple and beginner-friendly Kali Linux tutorial to help out all the newbies how they can use this features in need. Hope it will be useful for you.
Related posts
Posted by at No comments:

Wednesday, 10 June 2020

TOP 10 HACKING MOVIES YOU SHOULD WATCH

Technology and hacking gave a new horizon to the science fiction movies. As hacking is getting common and every online thing is at risk whether it's 10% or 90%, not a system is 100% secure over the internet. Every day new security holes are getting discovered. So, now most of the sci-fi movies have the tech and hack stuff to grow awareness in everybody's mind about the online privacy and risk to their information. Here I am sharing top 10 hacking movies that worth a watch.

TOP 10 HACKING MOVIES

Here I have listed top 10 hacking movies that you should watch.

1. HACKERS (1995)

In Hackers, Angelina Jolie and Jonny Lee Miller portray two youthful and hip hackers. Miller portrays a hacker who got caught as a very young child at an age of 11 years after crashing thousands of computers and has been sentenced to zero computer access until his 18th birthday.

2. LIVE FREE OR DIE HARD (2007)

Live Free or Die Hard (also known as Die Hard 4 and released as Die Hard 4.0 outside North America) is a 2007 American action film, and the fourth in the Die Hard film series depicts a scenario where a hacker played by Timothy Olyphant (of Justified fame) takes down nearly the entire U.S. infrastructure in an attempt to transfer trillions of dollars from the Federal Reserve to his account. This movie gives a complete idea of how actually these blackhat hackers operate.

3. EAGLE EYE (2008)

In this movie, two people get a call from an unknown number by a woman. They get a task on the phone that if they don't follow the phone call they would die. This movie displays supercomputer hack on all networks and military networks. This is just an amazing movie on how artificial intelligence computer hacks our real life for bad motives.

4. ALGORITHM (2014)

The film 'Algorithm' tracks the travails of Will, who is the freelance computer hacker who hacks into a top-secret government contractor agency and downloads all their recently developed programs." You can see the full movie below

5. WARGAMES (1983)

The film features David Lightman (Broderick), a young high school student hacker who accidentally hacks into a military supercomputer and starts the countdown to World War III.

6. THE MATRIX (1999)

This is one of the greatest science fiction movies. In this movie, reality, as perceived by most humans, is actually a simulated reality called "the Matrix", created by machines to subdue the human population, while their bodies' heat and electrical activity are used as an energy source.
A character named "Neo", who is a computer Hacker, learns this truth and is drawn into a rebellion against the machines, which involves other people who have been freed from the "dream world". The Matrix franchise is a trilogy movie series.

7. TAKEDOWN (2000)

This movie is based on famous computer U.S. hacker Kevin David Mitnick. Based upon the book and written by his nemesis, Tsutomu Shimomura, the story tends to glorify Shimomura. Mitnick operated in the 1980s and '90s and eventually went to prison for a couple of years. Now, he is a highly paid IT security consultant, speaker, and writer.

8. BLACKHAT (2015)

Blackhat is newly released movie by Chris Hemsworth. In this movie, hackers hack the Chinese nuclear power plant to start a nuclear reaction. Simultaneously, they also hack the stock exchange and steal millions of dollars from the bank. This movie shows how a black hat hackers threaten governments.

9. THE ITALIAN JOB (2003)

Although the MINI Coopers are really the stars of The Italian Job (a remake of the 1969 film of the same name), Seth Green plays Lyle, a hacker among a group of elite thieves, who is able to manipulate traffic signals, among other devices, that make this grand theft possible.

10. UNTRACEABLE (2008)

This film involves a serial killer who rigs contraptions that kill his victims based on the number of hits received by a website KillWithMe.com that features a live streaming video of the victim. Millions of people log on, hastening the victims' deaths.

There may be more exciting hacking movies but I found these top 10 hacking movies that you should watch for once.
You can also find out the top 5 most dangerous hackers in the real world living.
Related links
  1. Hacking Growth
  2. Pentest Dns
  3. Pentest News
  4. Pentest Report
  5. Hacker Computer
  6. Hacker Ethic
Posted by at No comments:
Subscribe to: Posts (Atom)